Overview

SSH, or Secure SHell, is a secure alternative to telnet. With SSH, you are able to securely copy/edit files, access SVN, cron jobs, and other DreamHost services via a standard unix command line also known as shell. All SSH traffic travels over a secured connection rather than plain text. Because of this, the connection is encrypted and secure. DreamHost currently uses OpenSSH software on the server end.

Note:

Before being able to log into your server via SSH, you must update your user to a SHELL user in the Panel. This process is detailed in the Enabling Shell Access wiki.

When you're finally ready to log into your server via SSH, you'll use the following command in your terminal:

ssh username@server.dreamhost.com
-or-
ssh username@yourdomain.com

Be sure to change "yourdomain.com" to your actual domain or server.dreamhost.com to the server to which you're attempting to connect.

SSH Client Software

Windows is the only commonly-used operating system that does not include a native SSH client. Windows users need to download SSH software separately (see below). Mac OS X and UNIX/Linux users can run the SSH client from any terminal application.

Below are instructions on how to use SSH depending on the operating system or device you are using to connect.

Mac OS X

The simplest way to open terminal on OSX is to use the spotlight search. Press COMMAND (⌘) + SPACEBAR and then type the word terminal:

After you select that, the terminal screen opens:

In terminal, enter your login command which looks like this:

ssh username@server.dreamhost.com

For example, here is a screenshot of a DreamHost user named mywikiuser connecting to a server named charles-pickney:

Unix/Linux

Most distributions of UNIX/Linux come with the OpenSSH package. Any terminal application (xterm, Konsole, etc.) can be used to initiate a secure shell. To log into your web server using SSH in a UNIX/Linux environment, type the following into your shell terminal:

ssh username@yourdomain.com

Be sure to change ‘username’ to your SHELL user in the panel and change ‘yourdomain.com’ to the domain you’re attempting to connect.

For logging in to a VPS, you would use the following format:

ssh username@psxxxxxx.dreamhostps.com

For example, let’s say your VPS is named ps12345. Your login would then be as follows:

ssh username@ps12345@dreamhostps.com

Windows

Every windows SSH client has its own way to be installed and launched, but once you've set it up, there is no difference in further operations. However, each client is suited to specific (or general needs). So, you may wish to try more than one to see what works best for you. Here are a few options:

Chrome

Secure Shell is a terminal emulator and stand-alone ssh client for the Chrome web browser. As of January 2015, it's still in beta release with known bugs.

iPhone

An excellent paid SSH app for both iPhone and iPad is Prompt2, by Panic. However, if you don’t want to pay for the premium version, a free app is available through Serverauditor by Cystanix for the iPhone and iPad. This SSH terminal is highly rated by other users and is free to download as well.

When you open Serverauditor, the ‘Activity’ page opens which is blank.

Tap the cloud icon in the top left corner:

After you tap the cloud icon, a side panel opens which shows various options:

To connect via SSH, tap the Quick Connect option at the top.

The Quick Connect screen opens which prompts you for SSH settings:

Enter the following:

username: Enter the username in this field.

hostname: Enter the host name or server to connect to here.

port setting: Since you’re connecting via SSH, the port setting should be set to 22.

password (optional): Enter the user’s password here. This is actually not an optional field like it states.

After filling in the details for your user’s login details, tap the Connect button to connect to the host server.

After you successfully log in, your user's home directory opens where you can manage the domain's site files:

You can use standard Linux commands to navigate through your user with this application.

Android

ConnectBot is an SSH application available for free on the Android Market. You can use it to access SSH, Telnet, and local protocols.

Passwordless Login

Once you set up a shell user, you must enter your password each time when logging into the server. If you’d like to avoid entering your password each time, you can set up Passwordless Login. This way, you'll be able to automatically login each time immediately without needing to enter your password.

Passwordless Login for Mac OS X, Linux, Unix and Cygwin

The following are instructions on how to set up Passwordless Login for any Unix, Linux, OSX, or Cygwin machine.

Step one – Generating the key pair

On your home computer:

Generate an RSA private key using ssh-keygen (unless you have already created one).

If you’re using Linux or OSX, open your terminal and run the following command under your username:

ssh-keygen -t rsa

This creates a public/private keypair of the type (-t) rsa.

Generating a public/private rsa key pair.
Enter the file in which you wish to save they key (i.e., /home/username/.ssh/id_rsa).

Once the keypair is created, you are prompted to enter the following items.

Click Enter on your keyboard to continue.

Enter a passphrase (leave empty for no passphrase).

Click Enter on your keyboard to continue.

Enter same passphrase again:

Click Enter on your keyboard to continue.

When finished, click Enter on your keyboard.

The following message appears:

Your identification has been saved in /home/username/.ssh/id_rsa
Your public key has been saved in /home/username/.ssh/id_sra.pub
The key fingerprint is:
ar:bc:d3:9e:g3:1f:63:6f:6b:32:2e:97:ee:42:e1:be username@servername
The key’s randomart image is:

Step two – Copying the public key you just created on your home computer to your DreamHost server

Copy the public key on your local computer to DreamHost's server by running the following command:

For Mac OS X users, please see the information in the next step.

ssh-copy-id -i ~/.ssh/id_rsa.pub user@server.com

Replace user and server.com with your username and server name. For example:

ssh-copy-id -i ~/.ssh/id_rsa.pub mydhuser@flower.dreamhost.com

The above command does not work if you are a Mac OS X user. Use the following instead which replaces the ssh-copy-id command for OS X users:

The authenticity of host ‘flower.dreamhost.com’ can’t be established.
Are you sure you want to continue connecting (yes/no)?

Type in the word yes and then click Enter.

mydhuser@flower.dreamhost.com’s password

Enter the password for your DreamHost SHELL username.

Step three – Confirming the SSH connection

At this point, a new folder is created under your DreamHost user named /.ssh with 700 permissions.

In that folder is your authorized_keys file which was just copied from your home computer which has 600 permissions.

Note:

The system automatically creates and names the file ‘authorized_keys’ when you run the command above.

If everything is configured properly, you should now be able to access your DreamHost account through SSH without a password. Run this command on your home computer where you just created the original keypair.

ssh user@server.dreamhost.com

Just change the user to your DreamHost SHELL user and server to your DreamHost servername. This should now log you in automatically without prompting for a password.

If ssh-copy-id does not work

Follow step one in the previous section to create the keypair on your home computer.

If ssh-copy-id doesn’t work for you, then manually upload your public key to your DreamHost server. On your home computer run this command under your username where you created your key pair:

scp ~/.ssh/id_rsa.pub user@server.com: ~/

This copies the id_rsa.pub file on your home computer to your DreamHost SHELL user. Just change 'user' to your SHELL user and 'server.com' to the server you're connecting to.

Log into your DreamHost server through your SHELL user.

Once logged into your DreamHost server, you’ll need to append the public key you just uploaded to your authorized_keys file. To do this, first make sure you’re in your users directory:

pwd
/home/mydhuser/

In that directory, create the /.ssh folder:

mkdir .ssh

Run the following command to create a new file named 'authorized_keys' in the new /.ssh folder. This will also copy your id_rsa.pub file into this new authorized_keys file:

cat id_rsa.pub >> .ssh/authorized_keys

Remove the original id_rsa.pub file in your SHELL user’s directory:

rm id_rsa.pub

Make sure the permissions are correctly set on the /.ssh folder and /.ssh/authorized_keys file. Run these three commands under your SHELL user:

chmod go-w ~
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

If everything is configured properly, you should now be able to access your DreamHost account through SSH without a password. Run this command on your home computer where you just created the original keypair.

ssh user@server.dreamhost.com

Just change the user to your DreamHost SHELL user and server to your DreamHost servername. This should now log you in automatically without prompting for a password.

Note:

For more information, see the man pages for ssh, ssh-keygen, ssh-copy-id, and sshd. “Getting started with SSH” is a step-by-step tutorial which you may find helpful.

Windows PuTTY

For instructions on how to set up and configure PuTTY for Passwordless Login, please review the following wiki:

Troubleshooting

Private key won't work

The most common case for a private key not working is that the permissions are set incorrectly on your .ssh directory. In particular, the .ssh directory, as well as your authorized_keys file, must both be set to only be writable by your user. If you're having issues, please try running the following:

chmod 700 $HOME/.ssh
chmod 600 $HOME/.ssh/authorized_keys

Directory/filenames which contain non-english/Asian characters show up as ?????? or are corrupt

If you have problems with your filenames or content not showing up correctly then you will want to add the following to your .bash_profile file to enable UTF support:

You can see the first line is LANG=en_US.UTF-8. If for some reason this still doesn’t work, it’s most likely the terminal client you’re using. For instructions on how to configure this in PuTTY please visit the following wiki:

Server unexpectedly closed network connection

If you get this error when attempting to SSH, this can mean your IP has been blocked. Contact support and we will check to see if your IP is blocked. If so, we will be able to whitelist it. If you don't know your IP, visit whatismyipaddress.com.

[User] is not in the sudoers group

Dreamhost does not allow regular shell users sudo access on shared servers for security purposes. While many tasks can be accomplished without the use of sudo, if you do need sudo access, you may wish to check out our DreamHost PS option, where you get full root access through an admin user.

Idle connections are getting dropped

Dreamhost and other ISPs may kill ssh connections that remain idle longer than a certain number of minutes. The fix is simple in Linux or OSX. All you need to do is set up keep-alive by editing the /etc/ssh/ssh_config or ~/.ssh/config file on your computer. In that file, add the following:

Host *
ServerAliveInterval 15
ServerAliveCountMax 4

Now the ssh client will ask the server for a sign of life every 15 seconds, thus keeping the connection open.

For instructions on how to configure this setting in PuTTY, please visit the following wiki: